CVE-2019-9042

An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules
References
Link Resource
http://www.iwantacve.cn/index.php/archives/116/ Exploit Third Party Advisory
http://www.iwantacve.cn/index.php/archives/116/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sitemagic:sitemagic_cms:4.4:*:*:*:*:*:*:*

History

21 Nov 2024, 04:50

Type Values Removed Values Added
References () http://www.iwantacve.cn/index.php/archives/116/ - Exploit, Third Party Advisory () http://www.iwantacve.cn/index.php/archives/116/ - Exploit, Third Party Advisory

07 Nov 2023, 03:13

Type Values Removed Values Added
Summary ** DISPUTED ** An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules. An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules

Information

Published : 2019-02-23 18:29

Updated : 2024-11-21 04:50


NVD link : CVE-2019-9042

Mitre link : CVE-2019-9042

CVE.ORG link : CVE-2019-9042


JSON object : View

Products Affected

sitemagic

  • sitemagic_cms
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type